It seems that organisations using the nhs.uk domain need a generous gulp of medicine and plenty of bed rest after an investigation of the health service's online estate uncovered what appeared to be a worrying hacking epidemic. The Register was alerted by reader David to the fact that a number of NHS websites - including some …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 26th February 2014 12:26 GMT Graham Marsden

You mean...

... this isn't just something else the Tories have flogged off to their mates...?

1 0
Wednesday 26th February 2014 12:29 GMT AbelSoul

Re: Wot a COCKUP

Puntastic!

0 0
Wednesday 26th February 2014 12:36 GMT Anonymous Coward

"The HSCIC’s role is to process applications to use the domain name from NHS organisations and provide permission for its use, where appropriate. However, responsibility for the maintenance and security of sites using the nhs.uk domain sits with the organisation running each website or service."

So, HSCIC sees these organisations as separate and responsible for their own IT security. Not occurring to them that the fact they are part of the NHS and perceived as such looks REALLY bad to the general public then? All they'll see is NHS = security nightmare. Which is, err... probably fair enough.

2 0
Wednesday 26th February 2014 12:45 GMT Anonymous Coward

Is this Kelsey's operation? Par for the course for a history graduate if so.

0 0
Wednesday 26th February 2014 13:08 GMT Jediben

Clearly the NHS are a little hard up, and these ads are directed to patients who want to be as well!

1 0
Wednesday 26th February 2014 13:29 GMT Vic

HSCIC

Aren't these the guys who are responsible for looking after our care.data-slurped records?

Vic.

3 0
Wednesday 26th February 2014 13:30 GMT Anonymous Coward

To be fair to the HSCIC...

(No, I can't quite believe I just typed that...)

Anyway, to be fair, the NHS is less of a monolithic and cohesive beast than many people think. It's more like a loosely-affiliated herd of organisations all moving in approximately the same direction. Quite often at a glacial pace.

So while standards, policies etc might be centralised, operational responsibility for a lot of things rests with the individual sub-organisation. This includes IT security, whether wards are clean, and the office paperclip count.

In this case, criticising the domain registrar (HSCIC) because of the ineptitude of some NHS web people seems a bit like attacking GoDaddy because someone's .com domain got hacked.

Anon because I'm an NHS web person myself. And I've seen quite a bit of ineptitude at close quarters.

3 0
1. Wednesday 26th February 2014 16:54 GMT Yet Another Anonymous coward
  
  Re: To be fair to the HSCIC...
  
  So when it was split up from being a socialist 60s era dinosaur into a number of dynamic independent key performance indicator focused business groups all striving to leverage synergies - wasn't it supposed to get better, more efficient and less prone to cock-ups?
  
  2 0
Wednesday 26th February 2014 13:41 GMT Anonymous Coward

Advertising Revenue

Although I aware the NHS is strapped for cash because they throw away so much on middle management . I really don't think they should be advertising commercial products at all on any of their sites.

2 0
Wednesday 26th February 2014 13:45 GMT John G Imrie

HSCIC and care.data

So it's not HSCIC that we have to worry about when it come to the data security of our electronic records. It's all the other parts of the NHS that can't seam to secure their data.

2 0
1. Thursday 27th February 2014 15:27 GMT Anonymous Coward
  
  Re: HSCIC and care.data
  
  That is exactly what Kelsey was saying on the radio a couple of weeks ago in an attempt to shut medConfidential up.
  
  0 0
Wednesday 26th February 2014 13:55 GMT Anonymous Coward

So just remind me why can I be sure they won't mis-use or lose my data if it's uploaded to the uber-database that will be care.data?

1 0
Wednesday 26th February 2014 15:35 GMT Anonymous Coward

the body responsible for keeping patients' data secure

washed their hands, so to speak. In plain English: foxtrot oscar and don't come back, because keeping patient's data secure is NOT out job. Our job is keeping patient's data secure. In all OTHER circumstances. Until they prevail, at which point their job becomes keeping patient's data secure in other other circumstances.

1 0
Wednesday 26th February 2014 16:51 GMT gcla72

How hard can it be?

EOF

0 0
Wednesday 26th February 2014 18:34 GMT Will Godfrey

This can only be an improvement

That is, if they are now punting Pron + Viagra. It seems a perfect mental health treatment.

0 0
Thursday 27th February 2014 05:49 GMT JohnMurray

Good job the NHS isn´t US-based!

http://www.testosteronepit.com/home/2014/2/26/data-breaches-couldnt-get-worse-now-an-onslaught-of-attacks.html

1 0
Thursday 27th February 2014 10:32 GMT Alan Brown

It gets worse than that

All the individual medical practices are allowed to farm out their "{practicename}.nhs.uk" domains and operation to any Tom Dick or Harry webfarm.

Code quality and security practices are as you'd expect and for a while last year it was impossible for swathes of Talktalk users to make online appointments as the biggest contractor firewalled out IP ranges seemingly at random.

0 0